How to be a safe email user

A man on a table and a woman on a laptop on the bed with their dog
« Return to Learn

Email is thoroughly integrated into many aspects of our lives. We use it to apply for jobs, pay monthly bills and keep in touch with friends and family.

Around the world, more than 220 billion emails are sent every day—half of which are spam (unsolicited junk email). The average person receives 88 messages, although spam filters may remove many of those before they make it to an inbox. Of the 30 percent we open, we might click an embedded link in one out of every 11. What are the odds you’ll click on a link that might infect your computer with malware or compromise your private information?

That depends on your online safety habits.

It’s smart to be wary of email. Watching where you click can prevent you from unwittingly downloading a virus or malware, or sending private data to fraudsters. Since we get so much important info through email, being able to tell a legitimate email from a clever scam is a necessary survival skill.

Let’s say you’re a conscious consumer who always signs up for paperless billing. Your credit union, credit card issuer and cell phone provider all communicate with you through email. Sometimes they send you need-to-know updates about your account or helpful tips in their newsletters. Should you click on them?

If you don’t, you might miss out on information you need or want. It might be the safest option, but it’s not really practical. Instead, use your online smarts to proceed cautiously.

Who’s it’s really from?

It’s basic common sense that you shouldn’t open emails or download attachments from people you don’t know. But some scammers will mimic a sender you trust, like your bank or credit union, to trick you into opening the email, clicking on a link or even giving them your password, credit card numbers or other sensitive information.

Let’s say you get an email that appears to be from OCCU. How do you know it’s really from us? Here are a few things to keep in mind:

  • We’ll never ask for confidential info in an email. If an email asks you for sensitive data such as passwords, PINs, or account information, it’s not from us. Will never ask for your private information in an email—and you should never provide it.
  • Our name and address match. When you look at who an email is from, you typically can see both the sender’s name and email address. Our email addresses end with Anything else is a big red flag.
  • We use spell check. Everyone makes the occasional grammatical error, but phishing emails are often riddled with mistakes. If you get an email that doesn’t have the same level of professionalism you’re used to, be wary.

If you’re ever unsure about an email from your financial institution, you can always go straight to the source. Many of the notifications you receive will also be available in your online profile. If you have any doubts about who the message is from, don’t click any links! Instead, go straight to the known website address and sign in.

Is that link legit?

Clicking links in an email can be risky. One click is all it takes to send you to malicious website that can infect your computer with malware—or trick you into giving up your login information.

It’s an easy trap to avoid, however, as long as you get in the habit of using a precaution known as the “skeptical hover” technique. When you see a link in an email, let your cursor hover over it without clicking. Now look down at the bottom left corner of your screen, and you’ll see the URL of the link you’re about to click. If you don’t recognize the website it’s pointing to, don’t click on it!

When you get an email from us, it might contain links that look something like this: You can click on those! They’re from us, and they’re perfectly safe.

Now that you know what to look for, it only takes a few seconds to verify that an email is trustworthy. Using good email safety habits will help you outsmart all the spammers and phishers out there.